13.6. Viewing ACIs

All the ACIs under a single suffix in the directory can be viewed from the command line by using the following ldapsearch command:
ldapsearch -x -D bind_dn -w password -p server_port -h server_hostname (aci=*) aci
See Chapter 10, Finding Directory Entries for information on using the ldapsearch utility.
From the Directory Server Console, all of the ACIs that apply to a particular entry can be viewed through the Access Control Manager.
  1. Start the Directory Server Console.
  2. In the Directory tab, right-click the entry in the navigation tree, and select Set Access Permissions.
  3. Check the Show Inherited ACIs check box to display all ACIs created on entries above the selected entry that also apply.